Profiles search
David H.
Cyber Security Risk Analyst
Phoenix, AZ, United States
Details
Experience:
April, 2019 to Present Dignity Health Phoenix, AZ
Cyber Security Senior Analyst performing 3rd Party Vendor, SAAS, on premise applications, and biomedical device assessments using NIST 800-53 controls in collaboration with corporate policy to conduct technical and policy-based cybersecurity risk assessments. Regular participation and contribution in cross-functional team events or activities to identify, assess, aggregate, and mitigate current and emerging risk events. Provides guidance and subject matter expertise to IT teams on controls and risk reduction methodologies. Assist in defining, developing, and implementing third party risk assessment program processes in accordance with the defined risk appetite to meet the business needs which include biennial reassessments.
• Perform review of completed risk assessment questionnaires for conformance to assessment objectives and methodology using Galvanize RiskBond, Bitsight, CyberGRX and SOC2 Type 2 reports to process 3rd Party Vendor, SAAS, on premise enterprise applications and biomedical devices assessments.
• Conduct business request for proposal (RFP) assessments to assess data and produce analytical insights to understand business objectives, drive risk-based business decisions and influence solution strategies.
• Communicate with key stakeholders results of risk assessments to 3rd party vendors, business owners and various levels of leadership to identify, assess, and document security exceptions and mitigated policy controls associated with new or modified products, services, and third-party operations.
•Contribute to the implementation of new risk practices, solutions, and management of risks according to industry best practice using the NIST CSF to produce quantitative/qualitative risk results using an impact x likelihood matrix.
2019 : Present
Cybersecurity
CyberSecurity Senior Risk Analyst
July, 2015 to April, 2019 Dignity Health Phoenix, AZ
Cyber Security Operations Analyst III that processes access requests or operational incident tickets of medium to high complexity by following established processes for common requests and issues while determining the course of action on unique requests. Also, performs intermediate, complex operational and troubleshooting tasks related to access control, provisioning requests, network and endpoint-security systems. Identifies and escalates incidents, operational performance concerns and may act as an escalation point for other Cyber Security Analysts providing assistance and support as requested to Cyber Security Engineering, Cyber Security IAM Engineering, Network Engineering, and/or Cyber Security Threat Response teams. FTE
• Lead several Cyber Security projects into production for Operations such as Cofense Triage, DUO Two Factor Authentication and Netskope/McAfee DLP by collaborating with other teams
• Created runbooks for operational processes and procedures for the projects to go into production.
• Assists in formal and informal security vulnerability assessments using Nexpose Rapid 7.
• Responsible for operational incident research, process inbound Cyber Security daily requests, manage escalation, occasionally troubleshooting complex, high-profile incidents regarding McAfee EPO AV and Encryption policies, DUO two factor authentication, Cofense phishing emails, account lockouts, reputation filtering by the McAfee Web proxy, Cisco SourceFire Firesight IPS Geo-blocking, expired Sectigo Comodo SSL certs, McAfee and Netskope DLP data classification alerts
2015 : 2019
Cybersecurity
CyberSecurity Analyst
Senior Staff Professional Services Engineer responsible for over 200 Gigamons at over 70 sites working for their client supporting their 3G and 4G LTE network providing daily troubleshooting of data and security monitoring issues, configuring map rules to allow data to be viewed by different monitoring tools such as Netscout Infinistream, Tektronics Geoprobe, K18 Optimon , McAfee IPS and supporting any hardware or software issues relating to Gigamon products . FTE
• Upgraded 80 Gigamon H Series TA1 and HD8 from 2.5 to 4.2 to align all H Series products on same OS
• Configured and enabled TACACS to ensure SOX compliance
• Provided training to operations for after hour support
2012 : 2015
Gigamon
Senior Staff Professional Services Engineer
Cyber Security Senior Analyst performing 3rd Party Vendor, SAAS, on premise applications, and biomedical device assessments using NIST 800-53 controls in collaboration with corporate policy to conduct technical and policy-based cybersecurity risk assessments. Regular participation and contribution in cross-functional team events or activities to identify, assess, aggregate, and mitigate current and emerging risk events. Provides guidance and subject matter expertise to IT teams on controls and risk reduction methodologies. Assist in defining, developing, and implementing third party risk assessment program processes in accordance with the defined risk appetite to meet the business needs which include biennial reassessments.
• Perform review of completed risk assessment questionnaires for conformance to assessment objectives and methodology using Galvanize RiskBond, Bitsight, CyberGRX and SOC2 Type 2 reports to process 3rd Party Vendor, SAAS, on premise enterprise applications and biomedical devices assessments.
• Conduct business request for proposal (RFP) assessments to assess data and produce analytical insights to understand business objectives, drive risk-based business decisions and influence solution strategies.
• Communicate with key stakeholders results of risk assessments to 3rd party vendors, business owners and various levels of leadership to identify, assess, and document security exceptions and mitigated policy controls associated with new or modified products, services, and third-party operations.
•Contribute to the implementation of new risk practices, solutions, and management of risks according to industry best practice using the NIST CSF to produce quantitative/qualitative risk results using an impact x likelihood matrix.
2019 : Present
Cybersecurity
CyberSecurity Senior Risk Analyst
July, 2015 to April, 2019 Dignity Health Phoenix, AZ
Cyber Security Operations Analyst III that processes access requests or operational incident tickets of medium to high complexity by following established processes for common requests and issues while determining the course of action on unique requests. Also, performs intermediate, complex operational and troubleshooting tasks related to access control, provisioning requests, network and endpoint-security systems. Identifies and escalates incidents, operational performance concerns and may act as an escalation point for other Cyber Security Analysts providing assistance and support as requested to Cyber Security Engineering, Cyber Security IAM Engineering, Network Engineering, and/or Cyber Security Threat Response teams. FTE
• Lead several Cyber Security projects into production for Operations such as Cofense Triage, DUO Two Factor Authentication and Netskope/McAfee DLP by collaborating with other teams
• Created runbooks for operational processes and procedures for the projects to go into production.
• Assists in formal and informal security vulnerability assessments using Nexpose Rapid 7.
• Responsible for operational incident research, process inbound Cyber Security daily requests, manage escalation, occasionally troubleshooting complex, high-profile incidents regarding McAfee EPO AV and Encryption policies, DUO two factor authentication, Cofense phishing emails, account lockouts, reputation filtering by the McAfee Web proxy, Cisco SourceFire Firesight IPS Geo-blocking, expired Sectigo Comodo SSL certs, McAfee and Netskope DLP data classification alerts
2015 : 2019
Cybersecurity
CyberSecurity Analyst
Senior Staff Professional Services Engineer responsible for over 200 Gigamons at over 70 sites working for their client supporting their 3G and 4G LTE network providing daily troubleshooting of data and security monitoring issues, configuring map rules to allow data to be viewed by different monitoring tools such as Netscout Infinistream, Tektronics Geoprobe, K18 Optimon , McAfee IPS and supporting any hardware or software issues relating to Gigamon products . FTE
• Upgraded 80 Gigamon H Series TA1 and HD8 from 2.5 to 4.2 to align all H Series products on same OS
• Configured and enabled TACACS to ensure SOX compliance
• Provided training to operations for after hour support
2012 : 2015
Gigamon
Senior Staff Professional Services Engineer
Company:
Cybersecurity
Years of Experience:
12
Skills
Cisco Systems Products, Cisco Technologies, Cloud Security, Computer Security, Cybersecurity, Data Center, Information Security, Load Balancing, MPLS, Network Design, Network Engineering, Networking, Network Security, Risk Assessment, Risk Management, Routers, Security, Security Operations, Servers, Switches, Technical Support, Third Party Risk Management (TPRM), Troubleshooting, Virtual Private Network (VPN), VPN
About
My career includes several years of experience in the IT and Cyber Security environment. I have not had formal training, but I have completed tasks in a timely professional manner through my own troubleshooting or experience of my peers. I have successfully completed my AWS Cloud Practitioner & ISC2 SSCP certification and currently hold the CSA CCSK v.4 certificate. I am a regular virtual attendee at the monthly Southwest CyberSec Forum (SWCSF)
Profile Photo
